Help with svchost.exe(Trojan.Agent) and (Trojan.Dropper.BCMiner)

Inactive
By reloader-1
Jul 31, 2012
  1. I'm normally somewhat decent at keeping my systems clean but this infection has me worried, as I am about to head off to school in Europe on Sunday and I want my system ready to go. Any help is very much appreciated!

    -----------------------------------------

    Malwarebytes Log:

    -----------------------------------------

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.30.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    :: VOSTRO3350 [administrator]

    Protection: Enabled

    7/30/2012 12:55:51 PM
    mbam-log-2012-07-30 (12-55-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190386
    Time elapsed: 37 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4044 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    --------------------------------------

    GMER Log:

    --------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-31 13:31:44
    Windows 6.1.7601 Service Pack 1
    Running: xsy9l5iy.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289d08891
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289d08891 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6YO7X987.txt 723 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2QKHIXE9.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3GNJX6XT.txt 126 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VF9LQVPU.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9B3TB5HV.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R1925ESG.txt 4233 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LE8NMR2U.txt 3132 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1DRFC8D9.txt 115 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MOXSILWE.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FABOBGR7.txt 543 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QAUFSG11.txt 7504 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5DO1BJ6O.txt 872 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7RK9NNXK.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7TE7SO3P.txt 7751 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7WYFGH2C.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P4443JL5.txt 1679 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DGFAH8L0.txt 88 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JUJQQWDH.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W2614BIT.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----

    ---------------------------------------------

    DDS Log

    ---------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by X at 13:32:28 on 2012-07-31
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6051.3015 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\X\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{51623F26-BA2D-4270-B19A-8EAB9CA5D485} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{F538A39B-9083-416D-88DE-D13D59653482} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\uzx6ntby.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 NEOFLTR_720_20645;Juniper Networks TDI Filter Driver (NEOFLTR_720_20645);\??\C:\Windows\system32\Drivers\NEOFLTR_720_20645.SYS --> C:\Windows\system32\Drivers\NEOFLTR_720_20645.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-2 89600]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-25 655944]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-4-15 1646056]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-2 2655768]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-12-3 2696496]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-15 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-15 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-31 00:58:46 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-30 17:04:35 98816 ----a-w- C:\Windows\sed.exe
    2012-07-30 17:04:35 518144 ----a-w- C:\Windows\SWREG.exe
    2012-07-30 17:04:35 256000 ----a-w- C:\Windows\PEV.exe
    2012-07-30 17:04:35 208896 ----a-w- C:\Windows\MBR.exe
    2012-07-30 17:04:33 -------- d-s---w- C:\ComboFix
    2012-07-30 15:51:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-30 02:07:13 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\997D.tmp
    2012-07-30 02:07:13 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\997C.tmp
    2012-07-27 16:02:43 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16FBCE7C-08BB-4482-86A7-40BE8B4E8886}\mpengine.dll
    2012-07-25 04:32:31 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\142B.tmp
    2012-07-13 15:14:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-07-30 16:04:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-30 16:04:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 13:32:47.87 ===============

    --------------------------------------

    DDS Attach Log

    ---------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/2/2011 12:41:17 AM
    System Uptime: 7/31/2012 11:49:06 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0CXHNM
    Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz | CPU 1 | 2801/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 69.235 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP108: 6/26/2012 12:47:09 PM - Windows Update
    RP109: 6/29/2012 1:29:53 PM - Windows Update
    RP110: 7/3/2012 10:03:59 PM - Windows Update
    RP111: 7/6/2012 10:08:51 PM - Windows Update
    RP112: 7/12/2012 10:55:27 PM - Windows Update
    RP114: 7/13/2012 11:13:09 AM - Windows Modules Installer
    RP115: 7/13/2012 11:14:02 AM - Windows Modules Installer
    RP116: 7/17/2012 9:24:35 PM - Windows Update
    RP117: 7/24/2012 7:51:43 PM - Windows Update
    RP119: 7/25/2012 12:46:31 AM - Windows Defender Checkpoint
    RP120: 7/30/2012 1:04:37 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AccelerometerP11
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    Barbarian Invasion
    BlackBerry Desktop Software 6.1
    Coupon Printer for Windows
    Dell Resource CD
    Free RAR Extract Frog
    Free YouTube to MP3 Converter version 3.10.15.1228
    Google Update Helper
    IDT Audio
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 31
    Juniper Networks Host Checker
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client Activex Control
    Juniper Networks, Inc. Setup Client
    Juniper Terminal Services Client
    Kernel EML Viewer ver 10.09.01
    KeyTweak - Keyboard Remapper (remove only)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    RACE 07
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Renesas Electronics USB 3.0 Host Controller Driver
    Rome - Total War
    Rome - Total War - Alexander
    Rosetta Stone Ltd Services
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Steam
    SteamApp8650
    swMSM
    System Requirements Lab CYRI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/31/2012 11:49:19 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/31/2012 1:23:03 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/31/2012 1:23:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/30/2012 12:54:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/30/2012 12:54:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/30/2012 1:44:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0001fa000, 0x0000000000000000, 0xfffff80002ce49ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-7628-01.
    7/30/2012 1:09:11 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    7/30/2012 1:08:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/30/2012 1:08:14 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/29/2012 10:07:14 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    I don't see any AV program running.
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. reloader-1


    Thanks Broni! I have no problem doing a slash & burn reinstall if it is easier, to ensure that everything is gone. Let me know if that is a good option.

    Downloaded Microsoft Security Essentials. Found a ton of stuff.

    Trojan:Win64/Alureon.gen!F - Quarantined
    Trojan:Win32/Alureon.gen!AD - Quarantined
    Trojan:DOS/Alureon.gJ - Quarantined
    Trojan:Win21/Orsam!rts - Quarantined
    Virus:Win64/Sirefef.B - Quarantined
    Trojan:Dos/Alureon.A - Removed
    Exploit:Java/CVE-2012-0507.F - Removed
    Trojan:Win64/Alureon.gen!K - Removed
    Exploit:Java/CVE-2010-0840.NS - Removed
    Exploit:Java/CVE-2011-3544.CR - Removed
    Exploit:Java/CVE-2011-3544.L - Removed
    Trojan:Win64/Sirefef - Removed
    Exploit:Java/CVE-2011-3544.gen!A - Removed
    Trojan:Win32/Sirefef.AN - Removed
    Exploit:Java/Blacole.ET - Removed
    Exploit:Java/Blacole.FK - Removed
    Trojan:Win64/Sirefef.AA - Removed
    Exploit:Java/CVE-2010-0840.QE - Removed
    Trojan:Win64/Sirefef.W - Removed
    Trojan:DOS/Alureon.A - Quarantined
    Trojan:Win32/Sirefef.AB - Quarantined
    Trojan:Win64/Sirefef.P - Quarantined
    Trojan:Win64/Sirefef.P - Quarantined
    Trojan:DOS/Alureon.A - Removed
    Trojan:DOS/Alureon.A - Removed

    ----------------------------

    TDS Killer Log:

    ----------------------------
    13:33:10.0804 4800 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    13:33:11.0100 4800 ============================================================
    13:33:11.0100 4800 Current date / time: 2012/08/01 13:33:11.0100
    13:33:11.0100 4800 SystemInfo:
    13:33:11.0100 4800
    13:33:11.0100 4800 OS Version: 6.1.7601 ServicePack: 1.0
    13:33:11.0100 4800 Product type: Workstation
    13:33:11.0100 4800 ComputerName: VOSTRO3350
    13:33:11.0100 4800 UserName: X
    13:33:11.0100 4800 Windows directory: C:\Windows
    13:33:11.0100 4800 System windows directory: C:\Windows
    13:33:11.0100 4800 Running under WOW64
    13:33:11.0100 4800 Processor architecture: Intel x64
    13:33:11.0100 4800 Number of processors: 4
    13:33:11.0100 4800 Page size: 0x1000
    13:33:11.0100 4800 Boot type: Normal boot
    13:33:11.0100 4800 ============================================================
    13:33:11.0521 4800 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:33:11.0521 4800 ============================================================
    13:33:11.0521 4800 \Device\Harddisk0\DR0:
    13:33:11.0521 4800 MBR partitions:
    13:33:11.0521 4800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    13:33:11.0521 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
    13:33:11.0521 4800 ============================================================
    13:33:11.0521 4800 C: <-> \Device\Harddisk0\DR0\Partition1
    13:33:11.0521 4800 ============================================================
    13:33:11.0521 4800 Initialize success
    13:33:11.0521 4800 ============================================================
    13:33:13.0721 5588 ============================================================
    13:33:13.0721 5588 Scan started
    13:33:13.0721 5588 Mode: Manual;
    13:33:13.0721 5588 ============================================================
  4. reloader-1


    Continued:

    13:33:17.0200 5588 Mup - ok
    13:33:17.0215 5588 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    13:33:17.0215 5588 MyWiFiDHCPDNS - ok
    13:33:17.0231 5588 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    13:33:17.0231 5588 napagent - ok
    13:33:17.0246 5588 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    13:33:17.0246 5588 NativeWifiP - ok
    13:33:17.0278 5588 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    13:33:17.0293 5588 NDIS - ok
    13:33:17.0293 5588 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    13:33:17.0309 5588 NdisCap - ok
    13:33:17.0309 5588 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:33:17.0309 5588 NdisTapi - ok
    13:33:17.0309 5588 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:33:17.0309 5588 Ndisuio - ok
    13:33:17.0324 5588 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:33:17.0324 5588 NdisWan - ok
    13:33:17.0324 5588 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    13:33:17.0324 5588 NDProxy - ok
    13:33:17.0340 5588 NEOFLTR_720_20645 (d3ab9f871482bcb0295ba7639fb476aa) C:\Windows\system32\Drivers\NEOFLTR_720_20645.SYS
    13:33:17.0340 5588 NEOFLTR_720_20645 - ok
    13:33:17.0340 5588 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    13:33:17.0340 5588 NetBIOS - ok
    13:33:17.0356 5588 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    13:33:17.0356 5588 NetBT - ok
    13:33:17.0371 5588 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:33:17.0371 5588 Netlogon - ok
    13:33:17.0387 5588 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    13:33:17.0387 5588 Netman - ok
    13:33:17.0402 5588 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    13:33:17.0418 5588 netprofm - ok
    13:33:17.0418 5588 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:33:17.0418 5588 NetTcpPortSharing - ok
    13:33:17.0714 5588 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    13:33:17.0777 5588 NETwNs64 - ok
    13:33:17.0824 5588 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    13:33:17.0824 5588 nfrd960 - ok
    13:33:17.0839 5588 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    13:33:17.0839 5588 NisDrv - ok
    13:33:17.0855 5588 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    13:33:17.0855 5588 NisSrv - ok
    13:33:17.0870 5588 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    13:33:17.0870 5588 NlaSvc - ok
    13:33:17.0886 5588 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    13:33:17.0886 5588 Npfs - ok
    13:33:17.0886 5588 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    13:33:17.0886 5588 nsi - ok
    13:33:17.0886 5588 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    13:33:17.0902 5588 nsiproxy - ok
    13:33:17.0948 5588 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    13:33:17.0964 5588 Ntfs - ok
    13:33:18.0011 5588 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    13:33:18.0011 5588 Null - ok
    13:33:18.0011 5588 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
    13:33:18.0011 5588 nusb3hub - ok
    13:33:18.0026 5588 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    13:33:18.0026 5588 nusb3xhc - ok
    13:33:18.0042 5588 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    13:33:18.0042 5588 nvraid - ok
    13:33:18.0042 5588 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    13:33:18.0058 5588 nvstor - ok
    13:33:18.0058 5588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    13:33:18.0058 5588 nv_agp - ok
    13:33:18.0089 5588 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:33:18.0089 5588 odserv - ok
    13:33:18.0089 5588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    13:33:18.0089 5588 ohci1394 - ok
    13:33:18.0104 5588 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:33:18.0104 5588 ose - ok
    13:33:18.0120 5588 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    13:33:18.0120 5588 p2pimsvc - ok
    13:33:18.0136 5588 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    13:33:18.0136 5588 p2psvc - ok
    13:33:18.0151 5588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    13:33:18.0151 5588 Parport - ok
    13:33:18.0151 5588 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    13:33:18.0151 5588 partmgr - ok
    13:33:18.0167 5588 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    13:33:18.0167 5588 PcaSvc - ok
    13:33:18.0182 5588 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    13:33:18.0182 5588 pci - ok
    13:33:18.0182 5588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    13:33:18.0182 5588 pciide - ok
    13:33:18.0198 5588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    13:33:18.0198 5588 pcmcia - ok
    13:33:18.0198 5588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    13:33:18.0198 5588 pcw - ok
    13:33:18.0214 5588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    13:33:18.0229 5588 PEAUTH - ok
    13:33:18.0276 5588 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    13:33:18.0292 5588 PeerDistSvc - ok
    13:33:18.0323 5588 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    13:33:18.0323 5588 PerfHost - ok
    13:33:18.0401 5588 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    13:33:18.0432 5588 pla - ok
    13:33:18.0448 5588 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    13:33:18.0463 5588 PlugPlay - ok
    13:33:18.0463 5588 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    13:33:18.0463 5588 PNRPAutoReg - ok
    13:33:18.0479 5588 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    13:33:18.0479 5588 PNRPsvc - ok
    13:33:18.0494 5588 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    13:33:18.0510 5588 PolicyAgent - ok
    13:33:18.0510 5588 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    13:33:18.0526 5588 Power - ok
    13:33:18.0541 5588 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    13:33:18.0541 5588 PptpMiniport - ok
    13:33:18.0541 5588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    13:33:18.0541 5588 Processor - ok
    13:33:18.0557 5588 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    13:33:18.0557 5588 ProfSvc - ok
    13:33:18.0557 5588 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:33:18.0557 5588 ProtectedStorage - ok
    13:33:18.0572 5588 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    13:33:18.0572 5588 Psched - ok
    13:33:18.0619 5588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    13:33:18.0635 5588 ql2300 - ok
    13:33:18.0682 5588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    13:33:18.0682 5588 ql40xx - ok
    13:33:18.0697 5588 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    13:33:18.0697 5588 QWAVE - ok
    13:33:18.0713 5588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    13:33:18.0713 5588 QWAVEdrv - ok
    13:33:18.0713 5588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    13:33:18.0713 5588 RasAcd - ok
    13:33:18.0728 5588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    13:33:18.0728 5588 RasAgileVpn - ok
    13:33:18.0728 5588 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    13:33:18.0728 5588 RasAuto - ok
    13:33:18.0744 5588 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:33:18.0744 5588 Rasl2tp - ok
    13:33:18.0760 5588 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    13:33:18.0760 5588 RasMan - ok
    13:33:18.0775 5588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:33:18.0775 5588 RasPppoe - ok
    13:33:18.0775 5588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    13:33:18.0775 5588 RasSstp - ok
    13:33:18.0791 5588 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    13:33:18.0791 5588 rdbss - ok
    13:33:18.0791 5588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    13:33:18.0791 5588 rdpbus - ok
    13:33:18.0791 5588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:33:18.0806 5588 RDPCDD - ok
    13:33:18.0806 5588 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    13:33:18.0806 5588 RDPDR - ok
    13:33:18.0822 5588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    13:33:18.0822 5588 RDPENCDD - ok
    13:33:18.0822 5588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    13:33:18.0822 5588 RDPREFMP - ok
    13:33:18.0838 5588 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    13:33:18.0838 5588 RDPWD - ok
    13:33:18.0838 5588 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    13:33:18.0853 5588 rdyboost - ok
    13:33:18.0884 5588 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    13:33:18.0884 5588 RegSrvc - ok
    13:33:18.0900 5588 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    13:33:18.0900 5588 RemoteAccess - ok
    13:33:18.0900 5588 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    13:33:18.0916 5588 RemoteRegistry - ok
    13:33:18.0931 5588 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    13:33:18.0931 5588 RFCOMM - ok
    13:33:18.0931 5588 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    13:33:18.0931 5588 RimUsb - ok
    13:33:18.0931 5588 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    13:33:18.0947 5588 RimVSerPort - ok
    13:33:18.0947 5588 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    13:33:18.0947 5588 ROOTMODEM - ok
    13:33:19.0009 5588 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    13:33:19.0040 5588 RosettaStoneDaemon - ok
    13:33:19.0072 5588 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    13:33:19.0072 5588 RpcEptMapper - ok
    13:33:19.0072 5588 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    13:33:19.0087 5588 RpcLocator - ok
    13:33:19.0103 5588 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    13:33:19.0103 5588 RpcSs - ok
    13:33:19.0118 5588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    13:33:19.0118 5588 rspndr - ok
    13:33:19.0134 5588 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
    13:33:19.0134 5588 RSUSBSTOR - ok
    13:33:19.0150 5588 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
    13:33:19.0150 5588 RTL8167 - ok
    13:33:19.0165 5588 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    13:33:19.0165 5588 s3cap - ok
    13:33:19.0165 5588 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:33:19.0165 5588 SamSs - ok
    13:33:19.0181 5588 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    13:33:19.0181 5588 sbp2port - ok
    13:33:19.0181 5588 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    13:33:19.0196 5588 SCardSvr - ok
    13:33:19.0196 5588 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    13:33:19.0196 5588 scfilter - ok
    13:33:19.0228 5588 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    13:33:19.0243 5588 Schedule - ok
    13:33:19.0243 5588 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    13:33:19.0243 5588 SCPolicySvc - ok
    13:33:19.0259 5588 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    13:33:19.0259 5588 SDRSVC - ok
    13:33:19.0274 5588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    13:33:19.0274 5588 secdrv - ok
    13:33:19.0274 5588 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    13:33:19.0274 5588 seclogon - ok
    13:33:19.0274 5588 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    13:33:19.0290 5588 SENS - ok
    13:33:19.0290 5588 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    13:33:19.0290 5588 SensrSvc - ok
    13:33:19.0290 5588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    13:33:19.0290 5588 Serenum - ok
    13:33:19.0306 5588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    13:33:19.0306 5588 Serial - ok
    13:33:19.0306 5588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    13:33:19.0306 5588 sermouse - ok
    13:33:19.0321 5588 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    13:33:19.0321 5588 SessionEnv - ok
    13:33:19.0321 5588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    13:33:19.0321 5588 sffdisk - ok
    13:33:19.0337 5588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    13:33:19.0337 5588 sffp_mmc - ok
    13:33:19.0337 5588 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    13:33:19.0337 5588 sffp_sd - ok
    13:33:19.0337 5588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    13:33:19.0337 5588 sfloppy - ok
    13:33:19.0352 5588 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    13:33:19.0352 5588 ShellHWDetection - ok
    13:33:19.0368 5588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    13:33:19.0368 5588 SiSRaid2 - ok
    13:33:19.0368 5588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    13:33:19.0368 5588 SiSRaid4 - ok
    13:33:19.0384 5588 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
    13:33:19.0384 5588 SkypeUpdate - ok
    13:33:19.0399 5588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    13:33:19.0399 5588 Smb - ok
    13:33:19.0399 5588 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    13:33:19.0399 5588 SNMPTRAP - ok
    13:33:19.0399 5588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    13:33:19.0415 5588 spldr - ok
    13:33:19.0430 5588 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    13:33:19.0430 5588 Spooler - ok
    13:33:19.0555 5588 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    13:33:19.0586 5588 sppsvc - ok
    13:33:19.0633 5588 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    13:33:19.0633 5588 sppuinotify - ok
    13:33:19.0664 5588 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    13:33:19.0664 5588 srv - ok
    13:33:19.0696 5588 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    13:33:19.0696 5588 srv2 - ok
  5. reloader-1

    reloader-1 Newcomer, in training Topic Starter

    Continued:

    13:33:22.0051 5588 wuauserv - ok
    13:33:22.0098 5588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    13:33:22.0098 5588 WudfPf - ok
    13:33:22.0114 5588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:33:22.0114 5588 WUDFRd - ok
    13:33:22.0114 5588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    13:33:22.0129 5588 wudfsvc - ok
    13:33:22.0129 5588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    13:33:22.0129 5588 WwanSvc - ok
    13:33:22.0145 5588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:33:22.0145 5588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    13:33:22.0145 5588 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    13:33:22.0145 5588 Boot (0x1200) (4f4c5409fb8ce8bc483e368a2f9d13fd) \Device\Harddisk0\DR0\Partition0
    13:33:22.0145 5588 \Device\Harddisk0\DR0\Partition0 - ok
    13:33:22.0160 5588 Boot (0x1200) (3b340f8d1635b9cd09707069a6e16ad1) \Device\Harddisk0\DR0\Partition1
    13:33:22.0160 5588 \Device\Harddisk0\DR0\Partition1 - ok
    13:33:22.0160 5588 ============================================================
    13:33:22.0160 5588 Scan finished
    13:33:22.0160 5588 ============================================================
    13:33:22.0160 5428 Detected object count: 1
    13:33:22.0160 5428 Actual detected object count: 1
    13:33:30.0366 5428 \Device\Harddisk0\DR0\# - copied to quarantine
    13:33:30.0538 5428 \Device\Harddisk0\DR0 - copied to quarantine
    13:33:31.0240 5428 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    13:33:31.0271 5428 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    13:33:31.0286 5428 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    13:33:31.0302 5428 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    13:33:31.0333 5428 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    13:33:31.0895 5428 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    13:33:32.0004 5428 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    13:33:32.0020 5428 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    13:33:32.0020 5428 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    13:33:32.0035 5428 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    13:33:32.0035 5428 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    13:33:32.0051 5428 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    13:33:32.0066 5428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    13:33:32.0066 5428 \Device\Harddisk0\DR0 - ok
    13:33:32.0066 5428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    13:33:33.0642 2104 Deinitialize success
  6. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I can't make that decision for you.

    If you want to continue....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. reloader-1

    reloader-1 Newcomer, in training Topic Starter

    RogueKiller log:

    --------------------------------

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: X [Admin rights]
    Mode: Scan -- Date: 08/01/2012 22:37:59

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\L --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG 470 Series SSD ATA Device +++++
    --- User ---
    [MBR] a6ce6e5e06cefd1c5695d50012a18463
    [BSP] 1d037d5f9407711766fc75e1321fc18b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt



    -------------------------------

    aswMBR log

    -------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-01 22:40:04
    -----------------------------
    22:40:04.253 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:40:04.253 Number of processors: 4 586 0x2A07
    22:40:04.253 ComputerName: VOSTRO3350 UserName:
    22:40:04.415 Initialize success
    22:41:03.122 AVAST engine defs: 12080101
    22:41:09.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    22:41:09.159 Disk 0 Vendor: SAMSUNG_470_Series_SSD AXM08B1Q Size: 122104MB BusType: 11
    22:41:09.165 Disk 0 MBR read successfully
    22:41:09.171 Disk 0 MBR scan
    22:41:09.181 Disk 0 Windows 7 default MBR code
    22:41:09.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:41:09.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
    22:41:09.260 Disk 0 scanning C:\Windows\system32\drivers
    22:41:14.094 Service scanning
    22:41:26.139 Modules scanning
    22:41:26.144 Disk 0 trace - called modules:
    22:41:26.148
    22:41:26.321 AVAST engine scan C:\Windows
    22:41:27.501 AVAST engine scan C:\Windows\system32
    22:43:13.666 AVAST engine scan C:\Windows\system32\drivers
    22:43:20.314 AVAST engine scan C:\Users\X
    22:44:03.794 AVAST engine scan C:\ProgramData
    22:44:12.216 Scan finished successfully
    22:44:25.394 Disk 0 MBR has been saved successfully to "C:\Users\X\Desktop\MBR.dat"
    22:44:25.400 The log file has been saved successfully to "C:\Users\X\Desktop\aswMBR.txt"
  8. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  9. reloader-1

    reloader-1 Newcomer, in training Topic Starter

    Broni, given that my flight is tomorrow I did a quick inventory of my computer, realized I needed to save little if any of the files, and did a slash and burn reinstall.

    Many, MANY thanks for helping with your time and effort. I really appreciated it and cannot thank you enough.
  10. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Thanks for letting me know :)

